]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/letsencrypt/recipes/default.rb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
community: stop yoyo rebuilds due to git repo changes
[chef.git] / cookbooks / letsencrypt / recipes / default.rb
diff --git a/cookbooks/letsencrypt/recipes/default.rb b/cookbooks/letsencrypt/recipes/default.rb
index ed18254cc84c00b8bd07355311c0d960c822dd4a..382a0a58cfb01b25a097f1fa3af639086dd05005 100644 (file)
--- a/cookbooks/letsencrypt/recipes/default.rb
+++ b/cookbooks/letsencrypt/recipes/default.rb
@@ -19,6 +19,7 @@
 
 include_recipe "accounts"
 include_recipe "apache"
 
 include_recipe "accounts"
 include_recipe "apache"
+include_recipe "chef::knife"
 
 keys = data_bag_item("chef", "keys")
 
 
 keys = data_bag_item("chef", "keys")
 
@@ -27,8 +28,6 @@ package %w[
   ruby
 ]
 
   ruby
 ]
 
-chef_gem "knife"
-
 directory "/etc/letsencrypt" do
   owner "letsencrypt"
   group "letsencrypt"
 directory "/etc/letsencrypt" do
   owner "letsencrypt"
   group "letsencrypt"
@@ -177,20 +176,44 @@ template "/srv/acme.openstreetmap.org/bin/check-certificates" do
   variables :certificates => certificates
 end
 
   variables :certificates => certificates
 end
 
-cron_d "letencrypt-renew" do
-  minute "00"
-  hour "*/12"
+systemd_service "letsencrypt-renew" do
+  description "Renew letsencrypt certificates"
+  exec_start "/srv/acme.openstreetmap.org/bin/renew"
   user "letsencrypt"
   user "letsencrypt"
-  command "/srv/acme.openstreetmap.org/bin/renew"
-  mailto "admins@openstreetmap.org"
+  sandbox :enable_network => true
+  read_write_paths [
+    "/srv/acme.openstreetmap.org/config",
+    "/srv/acme.openstreetmap.org/html",
+    "/srv/acme.openstreetmap.org/logs",
+    "/srv/acme.openstreetmap.org/work"
+  ]
+end
+
+systemd_timer "letsencrypt-renew" do
+  description "Renew letsencrypt certificates"
+  on_boot_sec "1h"
+  on_unit_inactive_sec "12h"
+end
+
+service "letsencrypt-renew.timer" do
+  action [:enable, :start]
 end
 
 end
 
-cron_d "letencrypt-check" do
-  minute "30"
-  hour "*/12"
+systemd_service "letsencrypt-check" do
+  description "Check letsencrypt certificates"
+  exec_start "/srv/acme.openstreetmap.org/bin/check-certificates"
   user "letsencrypt"
   user "letsencrypt"
-  command "/srv/acme.openstreetmap.org/bin/check-certificates"
-  mailto "admins@openstreetmap.org"
+  sandbox :enable_network => true
+end
+
+systemd_timer "letsencrypt-check" do
+  description "Check letsencrypt certificates"
+  on_boot_sec "2h"
+  on_unit_inactive_sec "12h"
+end
+
+service "letsencrypt-check.timer" do
+  action [:enable, :start]
 end
 
 template "/etc/logrotate.d/letsencrypt" do
 end
 
 template "/etc/logrotate.d/letsencrypt" do
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.